On Wed, 13 Oct 2010 18:15:11 +0200 (CEST)
"Carlos E. R."
Please read what I wrote. Thank you. I wrote nothing about encrypted swap. No need to enter a passphrase during boot and resume. Only during resume.
Yes, you did:
Encrypted suspend is part of uswsusp.
Suspend data is sent to swap, thus swap has to be encripted.
I'd use a separate unencrypted swap partition for that.
If what you mean, but did not explain, is that the entire swap is not encripted, but just the suspend image is,... that's a different thing, and not safe, IMO.
See above. Separate unencrypted swap partition for hibernate.
And how do you combine that partial encription with the fact that at least the home partition, and perhaps all partitions, are LUK encripted? The user would have to type several times the password. Once for the partitions, another for the suspend image...
They are not unmounted during suspend, so do not need to be remounted and thus no passphrase needs to be entered. -- Stefan Seyfried "Any ideas, John?" "Well, surrounding them's out." -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org